Black Hat Presentation - Web Cache Entanglement
Overview: Akamai is aware of the 'Web Cache Entanglement: Novel Pathways to Poisoning' presentation at BlackHat on August 5, 2020. Two security vulnerabilities related to our content delivery networks' caching functionality were presented as part of this research. Akamai would like to thank James...
Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests
A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from...
GSA Bounty: Denial of service via cache poisoning on https://www.data.gov/
An attacker can persistently block access to any on https://www.data.gov/ by using cache poisoning with the h0st headers to cause 502 response code. To replicate: load https://www.data.gov/ in your browser. look the burp, add ?xyzxyz=1 as cache buster, and add h0st headers h0st: wrtqvavjigwdvoq...
Security Bulletin: [All] Apache Tomcat (core only) (Publicly disclosed vulnerability) CVE-2020-1935, CVE-2019-17569
Summary: In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a...
Security Bulletin: Vulnerabilities in Netty affect IBM Netcool Agile Service Manager (CVE-2020-7238)
Summary: Vulnerabilities in Netty used by IBM Netcool Agile Service Manager have been identified. Netcool Agile Service Manager has addressed the CVE. Vulnerability Details: CVEID: CVE-2020-7238 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw when handling...
CVE-2019-19326
Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return...
Design/Logic Flaw
Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return...
CVE-2019-19326
CVE-2019-19326 affects SilverStripe CMS up to release 4.4.4 where HTTP Cache Headers enabled in the framework’s HTTP layer can be abused to poison web caches. By manipulating headers such as X-Original-Url and X-HTTP-Method-Override, an attacker can cause cached responses to include malicious HTT...
Node.js: HTTP Request Smuggling due to CR-to-Hyphen conversion
CVE-2019-19326: Web Cache Poisoning through HTTPRequestBuilder
More info at https://www.silverstripe.org/download/security-releases/cve-2019-19326/...
Basecamp: HTTP request smuggling on Basecamp 2 allows web cache poisoning
It is found that an authenticated Basecamp 2 user can desync front and backend servers and poison the socket with a harmful response for the next visitor. During redirect probe, it also appears that front-end infrastructure performs caching of content. Using HTTP request smuggling attack, it is...
DEBIAN-CVE-2020-15049
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+", "-" or an uncommon shell whitespace...
UBUNTU-CVE-2020-15049
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+", "-" or an uncommon shell whitespace...
Squid Environment Issues Vulnerabilities
Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. An environmental issue vulnerability exists in the http/ContentLengthInterpreter.cc file in Squid versions prior to 4....
Security Bulletin: IBM Integration Bus affected by multiple Apache Tomcat vulnerabilities.
Summary: IBM Integration Bus ships Apache Tomcat which is susceptible to vulnerabilities which were reported and have been addressed. Vulnerability Details: CVEID: CVE-2020-1935 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual...
RUSTSEC-2020-0031 HTTP Request smuggling through malformed Transfer Encoding headers
HTTP pipelining issues and request smuggling attacks are possible due to incorrect Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks CL:TE/TE:TE by sending invalid Transfer Encoding headers. By manipulating the HTTP response the attacker could poison a...
HTTP Request smuggling through malformed Transfer Encoding headers
HTTP pipelining issues and request smuggling attacks are possible due to incorrect Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks CL:TE/TE:TE by sending invalid Transfer Encoding headers. By manipulating the HTTP response the attacker could poison a...
Mail.ru: Web cache information leakage at sbermarket.ru
Due to invalid caching settings, an attacker could obtain profile related data from the web cache by forcing a victim to request vulnerable endpoint...